What are the methods of password encryption?

Password encryption methods include: 1. Use symmetric encryption algorithms (such as 3DES, AES) to encrypt. Using this method of encryption can restore the original password through decryption. Of course, the prerequisite is to obtain Key; 2. Use one-way HASH algorithm (such as MD5, SHA1) for password, but the original password cannot be restored through calculation; 3. Use special one-way HASH algorithm for password; 4. Use PBKDF2 algorithm for encryption; 5. Use BCrypt algorithm for encryption; 6. Use SCrypt algorithm for encryption.

The operating environment of this tutorial: windows7 system, DELL G3 computer

As a web developer, we often need to interact with the user’s account system The biggest challenge is how to protect users' passwords. Password is the most important shield of a website system. If the website system is compared to a castle, then the password is the gate. There is always a lot of debate about how to securely store passwords and which algorithm to use: MD5, SHA1, SHA256, PBKDF2, Bcrypt, Scrypt, Argon2, plaintext? ?

7 Common Password Encryption Methods

What methods should we use to protect users’ passwords? The following methods are common ways to save passwords:

1. Use symmetric encryption algorithm to save

Usage:★★☆☆☆

 For example, with algorithms such as 3DES and AES, the original password can be restored through decryption using this method of encryption. Of course, the prerequisite is to obtain the key. However, since a large amount of user information has been leaked, the key is likely to be leaked as well. Of course, general data and keys can be stored and managed separately, but it is also very complicated to completely protect the keys, so this Not in a good way.

##plaintext

密文

密文

明文

2. Use one-way HASH algorithms such as MD5 and SHA1 to protect passwords

##Usage:★★★☆☆

##plaintext

密文

密文

明文

3. Special one-way HASH algorithm

Usage:★★★☆☆

The one-way HASH algorithm is no longer safe in protecting passwords, so some companies have added salt, multiple HASH and other extensions based on the one-way HASH algorithm. These methods can increase the difficulty of cracking to a certain extent. For those who add "fixed salt" "The HASH algorithm needs to protect the "salt" from being leaked, which will encounter the same problem as "protecting the symmetric key". Once the "salt" is leaked, the rainbow table can be re-established based on the "salt" for cracking. For multiple HASH , it only increases the cracking time, but does not substantially improve it.

##Salt Plain text

密文

密文

明文

4, PBKDF2

Usage:★★★★☆

 The principle of this algorithm is roughly equivalent to On the basis of the HASH algorithm, random salt is added and multiple HASH operations are performed. The random salt greatly increases the difficulty of creating a rainbow table, and multiple HASH also greatly increases the difficulty of creating and cracking the table. When using the PBKDF2 algorithm, the HASH algorithm generally uses sha1 or sha256. The length of the random salt should generally not be less than 8 bytes, and the number of HASH times must be at least 1,000, so that the security is high enough. A password verification process carries out 1000 HASH operations, which may only take 1ms for the server, but for the cracker the calculation cost increases by 1000 times, and at least 8 bytes of random salt increases the difficulty of creating a table by N Order of magnitude, making large-scale password cracking almost impossible. This algorithm is also recommended by the National Institute of Standards and Technology.

PB KDF2 has been around for a long time, and as discussed in the previous article, it is a bit outdated: easy to achieve parallelism on multi-core systems (GPU), which is trivial for custom systems (FPGA/ASIC) .

随机盐 明文

密文

密文

##Clear text

5、BCrypt

Usage:★★★ ★☆

6、SCrypt

Usage:★★★★☆

7、Argon2

Usage:★★★★★

Argon2i is the most secure option against side-channel attacks, Argon2i uses data-agnostic memory access, which is the preferred method for password hashing, Argon2i makes more passes over memory to prevent trade-off attacks happened.
• Argon2d is the most secure option against GPU cracking attacks, and Argon2 won the password hashing competition in July 2015. Argon2d uses data-dependent memory access, which makes it well suited for cryptocurrencies and proof-of-work applications without the threat of side-channel timing attacks.
• Argon2id acts as Argon2i for the first half of the first iteration of memory and as Argon2d for the remainder. Therefore, based on the balance of time and space, it not only provides side-channel attack protection but also saves brute force overhead.

Warm reminder：

FAQcolumn!

##Algorithm Features Effective cracking method Cracking Difficulty Others ##Symmetric encryption One-way HASH ##Special HASH Undecryptable Collision, rainbow table 中 Need to ensure that the "salt" is not leaked Pbkdf2 Undecryptable None Difficult Need to set reasonable parameters BCrypt Undecryptable No Difficult Need to set reasonable parameters SCrypt Undecryptable None Difficult Need to set reasonable parameters Argon2 Undecryptable None Difficult

#Symmetric encryption

对称解密

After using these algorithms, the original password cannot be restored through calculation, and the implementation is relatively simple. Therefore, many Internet companies use this method to save user passwords. This method used to be a relatively safe method, but with the advent of rainbow tables With the rise of technology, rainbow tables can be established for table lookup and cracking. This method is currently very unsafe.

无法还原

#HASH algorithm

无法还原

#Multiple HASH Algorithm

无法还原

 BCrypt was created in 1999, and is better than PBKDF2 in combating GPU/ASIC, but I still do not recommend you to use it in new systems because of the threat model analysis of offline cracking. The performance is not outstanding. Although there are some cryptocurrencies that rely on it (ie: NUD), it has not gained much popularity and, therefore, there has not been enough interest in the FPGA/ASIC community to build a hardware implementation of it. Having said that, Solar Designer (OpenWall), Malvoni and Knezovic (University of Zagreb) wrote a paper in 2014 that describes a monolithic system using a hybrid ARM/FPGA to attack this algorithm. SCrypt in today’s world is a better choice: better designed than BCrypt (especially regarding memory) and has been working in this field for 10 years. On the other hand, it is also used in many cryptocurrencies, and we have some hardware (including FPGAs and ASICs) that can implement it. Although they are used specifically for mining, they can also be repurposed for cracking.Argon2 based on AES Implementation, modern x64 and ARM processors have implemented it in instruction set extensions, thus greatly narrowing the performance gap between normal systems and attacker systems,There are three main versions of Argon2:If you are concerned about side-channel attacks (for example: the Malicious Data Cache Loading/Spectre vulnerability, which allows reading the private memory data of other running processes on the same hardware via a cache-based side channel), You should use Argon2i, otherwise use Argon2d. If you're not sure or you're comfortable with a hybrid approach, you can use Argon2id to get the best of both worlds. Source code is available on Github, written in C89-compatible C, licensed under a Creative Commons license, and compiles on most ARM, x86 and x64 architecture hardware.…After 2019, relevant experts have suggested not to use PBKDF2 or BCrypt, and strongly recommend Argon2 (preferably Argon2id) for latest systems. Scrypt is the best choice when Argon2 is not available, but keep in mind that it has the same issues with side-channel leakage.For more related knowledge, please visit the

Can decrypt the plain text	Get the key	中	Need to ensure that the key is not leaked
Undecryptable	Collision, rainbow table	中

The above is the detailed content of What are the methods of password encryption?. For more information, please follow other related articles on the PHP Chinese website!